One of the best features of Office 365 vs BPOS: setting passwords not to expire

Should passwords expire? Most of the best practice guides I have seen say that they should, but there are downsides. The more often passwords expire, the more likely users are to forget them and contact support, or write them down, which is insecure. Further, it is all friction that means users get less work done.

There is plentiful evidence of the aggravation this causes, particularly when the new password has to be entered in several places. Smartphones are problematic because email accounts settings can be hard to find. For example:

guess who missed a super important email last night from my most important customer because unbeknownst to me, my smart phone was no longer receiving messages because the password had expired – even though I never selected a 90-day setting when i set up the account and had no idea such insanity was in place. It wasn;t until I logged into my computer just now and was greeted with none of my services working that I figured it out!

My Office 365 account password expired today and, somewhere in the midst of the password reset I managed to lock myself out. As I only have one mailbox on the account (i.e. I am the administrator), that’s a bit of a problem.

Microsoft’s cloud services, BPOS and Office 365, both set automatic password expiry by default. This was a common complaint about BPOS. Originally you could contact support and get password expiry disabled; then Microsoft decided this was too much hassle for it (never mind the users) and made it impossible to change.

Fortunately Office 365 does allow you to disable password expiry. Here is how.